On Mon, 23 Feb 2009, Ben Finney wrote: > > As openid provides no security whatsoever > > Just like an email address, an OpenID is good for identity; security > needs to be dealt with in a separate layer, just as with email. I > don't know who promised OpenID ???provides security???, or expects it.
What's the point of an identity if you can't rely on it to be really that identity? Authentication that is trivally bypassed or forged is not really useful. You might just as well accept any random username without the whole protocol stack. -- | .''`. ** Debian GNU/Linux ** Peter Palfrader | : :' : The universal http://www.palfrader.org/ | `. `' Operating System | `- http://www.debian.org/ -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org